43 matches found
EUVD-2016-1757
Malware in sbrugna...
CVE-2025-9206
The Meks Easy Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title field in all version up to, and including, 2.1.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2022-4381
Malicious code in bioql PyPI...
WordPress plugin Popup Maker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-57520
A Cross Site Scripting XSS vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...
CVE-2025-52132
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page...
CVE-2023-1946
A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input leads to cross site scripting. The attack may be initiated...
CVE-2018-16624
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page...
CVE-2022-3556
The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative...
PT-2024-40071 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A cross-site scripting issue has been found in the FormAction field, where a user can specify a title. Recommendations: At the moment, there is no information about a newer version that...
PT-2024-11983 · Unknown · Sourcecodester Oretnom23 Employee'S Payroll Management System
Name of the Vulnerable Software and Affected Versions: sourcecodester oretnom23 employee's payroll management system version 1.0 Description: The issue allows attackers to execute arbitrary code via the code, title, from date, and to date inputs in the file Main.php. This is a Cross Site Scriptin...
CVE-2022-2413
The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is...
CVE-2023-1946
A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...
PT-2023-17359 · Sourcecodester · Sourcecodester Survey Application System
Name of the Vulnerable Software and Affected Versions: SourceCodester Survey Application System version 1.0 Description: A problematic issue was found in the Add New Handler component, affecting some unknown processing. The manipulation of the Title argument with the input promptdocument.domain...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the "Display title" Input. PoC alertdocument.location Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website...
CVE-2022-37796
In Simple Online Book Store System 1.0 in /adminbook.php the Title, Author, and Description parameters are vulnerable to Cross Site ScriptingXSS...
CVE-2022-26198
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...
CVE-2022-0961 The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber
The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12...
Microweber 输入验证错误漏洞
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. A denial of service vulnerability exists in versions of Microweber prior to 1.2.12. The vulnerability stems from the fact that the application allows large characters to be inserted in...
CVE-2021-42329
The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...